Windows Vista Not So Impregnable – Softpedia

Windows Vista, Microsoft's most applauded and presumably most secure Windows platform, is not so impregnable after all. A single animated cursor can do the trick, Softpedia reported on 30 March 2007.

Inadequate format validation prior to the rendering of cursors, icons and animated cursors is at the core of the zero-day vulnerability.

Early reports quoted the software giant as having sold 20 million copies of Windows Vista, a figure that represents much faster sales than Windows XP's in its first month. Streetinsider published this on 27 March 2007.

Symantec warned that an attacker who successfully exploited the vulnerability could remotely execute arbitrary code on the victim's machine. Such an attack has two vectors: the Internet browser and the desktop e-mail client.

Microsoft has warned that it is aware of limited, targeted attacks exploiting a serious hole in the animated cursor handling of MS Windows. Microsoft's Security Advisory said that, for the attack to be carried out, the user has to either visit a website containing a web page used to exploit the vulnerability or view a specially crafted message or attachment sent to the user by an attacker.

However, in spite of these mitigations, Vista is still susceptible to attacks. In a video embedded on Softpedia's website, Craig Schmugar, McAfee's virus research manager, can be seen sending Vista into an infinite "crash restart" loop simply by dragging a malformed .ani file onto the OS desktop.

The vulnerability is present across almost the whole line of Windows OSes, including Vista. According to McAfee, Windows users who browse malicious websites using Internet Explorer 6 or 7 put their machines at high risk of running arbitrary code.